rom 11 blocker image

tacapall

Member +
Joined
Dec 7, 2005
Messages
135
Reaction score
0
Hi all
date has run out on my mates card i cant get into it with nagraedit keeps asking for backdoor password its a sammy 2100c and i need the bk and ird off the card is there any other way i could get into it without fooking the numbers up. Thanks
 
I think mrom is the only way mate but it WILL wipe the card These blockers usually come with a warning to save your info before you use them
 
Hi all
date has run out on my mates card i cant get into it with nagraedit keeps asking for backdoor password its a sammy 2100c and i need the bk and ird off the card is there any other way i could get into it without fooking the numbers up. Thanks

Get IRD from Engineering menu and convert to hex with windows calculator.
Get BK using BoxGetPC2, have to click yes to both message boxes first.
 
Get IRD from Engineering menu and convert to hex with windows calculator.
Get BK using BoxGetPC2, have to click yes to both message boxes first.

How do I do this on a 2100c thanks and what numbers do i put in
 
You could try glitching it with the latest B0D unlocker.

Blockers are only bugcatchers and the sole function of glitching is to remove bugcatchers hence you can pretty much always glitch your way into a Rom11 card by one means or another.
 
use XNCS and click on read it will open it but it will say something like fail with fat then u just click ok and then go and click main card on the left under file and u will see ur netid in there then click on read again and the card will open and then u just go into fat and get ur bk's... that what works for me
 
use XNCS and click on read it will open it but it will say something like fail with fat then u just click ok and then go and click main card on the left under file and u will see ur netid in there then click on read again and the card will open and then u just go into fat and get ur bk's... that what works for me

i agree that the blocker image that is going around will read with xncs but you get a fat error , once you ignore this the ird is 00000000 but the bk is intact

PIJ
 
You could try glitching it with the latest B0D unlocker.

Blockers are only bugcatchers and the sole function of glitching is to remove bugcatchers hence you can pretty much always glitch your way into a Rom11 card by one means or another.

Nozzer this is not true of many of the public domain blockers (such as the B09 image that is doing the rounds) as it has a bugcatcher protecting against writes to codespace hooked in on the write-or-erase-eeprom routine (unless its writing #$30 into numbugs, the backdoor/freespace flag or date on cam).
The B0D script could be easily adapted to use a payload that bypasses this routine alltogether, or such that it sets numbugs from 34 to 30 before setting it to zero.
The B09 blocker has a password hooked in on the classA0 bug command number D8 with the Bk as the password, this toggles numbugs between 34 (6900) and 30 (9000). When set at 30 the codespace protection is off and the B0D script can finish the job if the card still isnt readable.
Also the code indicated that it would allow writes if BDK0 was in ram, so I dont understand how so many people are having problems. Guess its just people using blockers they havent got a clue about.
This B09 blocker is missing part of the code (where its been crudely adapted from another provider I would guess) and contains no real EMM handling routines - I wouldnt touch it with a barge pole lol.
I did a disasm of it somewhere when it first surfaced, cant remember where I posted it now though lol.

Of course it may be that this blocker is something else entirely, lol.

edcase
 
you can read the dataspace in rom studio edit date bk etc

but must right the image to a fresh card with nagra or it will be hit
 
Nozzer this is not true of many of the public domain blockers (such as the B09 image that is doing the rounds) as it has a bugcatcher protecting against writes to codespace hooked in on the write-or-erase-eeprom routine (unless its writing #$30 into numbugs, the backdoor/freespace flag or date on cam).

The whole idea of glitching is to get around these little problems. The blockers work only by stopping you accessing certain routines. There's absolutely nothing stopping you from getting into these routines at a level that cant be blocked !

Tbh, there is no such thing as an effective blocker. They can always be dealt with which is why I personally think they are a total and utter waste of time.

The B0D script could be easily adapted to use a payload that bypasses this routine alltogether, or such that it sets numbugs from 34 to 30 before setting it to zero.

Exactly, simply bypass the routines that have been locked out. This is how one of the cc's in the USA took out a load of blockered cards, confirming my belief that these things are ultimately a waste of time !

The B09 blocker has a password hooked in on the classA0 bug command number D8 with the Bk as the password, this toggles numbugs between 34 (6900) and 30 (9000). When set at 30 the codespace protection is off and the B0D script can finish the job if the card still isnt readable.
Also the code indicated that it would allow writes if BDK0 was in ram, so I dont understand how so many people are having problems. Guess its just people using blockers they havent got a clue about.

Again, you've hit the nail on the head !

People are just writing stuff onto their cards without having any notion of how to actually use it. If you want to use these things effectively then you at least put some time into research into what blockers are, how they work and most importantly, how to use them.

This B09 blocker is missing part of the code (where its been crudely adapted from another provider I would guess) and contains no real EMM handling routines - I wouldnt touch it with a barge pole lol.
I did a disasm of it somewhere when it first surfaced, cant remember where I posted it now though lol.

Of course it may be that this blocker is something else entirely, lol.

Yep, I looked at this code as well and came to the same conclusion. Coded by an idiot who has attempted to adapt someone else's work without having any understanding of what they are actually doing. Yet another reason that I would never touch a blocker, especially one that barely works !
 
Back
Top